European Cybersecurity Certification Week 2026: Advancing EU Cybersecurity in Cyprus

The European Cybersecurity Certification Week, hosted by the Cyprus Presidency of the Council of the EU, took place from 14 to 17 April in Ayia Napa.

This conference brought together policymakers, industry experts, conformity assessment bodies, and national authorities to shape the future of EU cybersecurity certification. Organised by the European Union Agency for Cybersecurity (ENISA) in close collaboration with the European Commission, the events during the week fostered critical discussions on strengthening Europe's cyber resilience through harmonised certification frameworks.

A week of collaboration and exchanges

The Commission is working closely with ENISA, Member States and industry on the implementation of the EU Cybersecurity Certification Framework (ECCF).

The week featured numerous meetings and events including the European Cybersecurity Certification Conference and the meeting of the European Cybersecurity Certification Group gathering all national authorities aiming at advancing the EU Cybersecurity Certification Framework (ECCF) under the Cybersecurity Act (CSA) and creating synergies with other regulations such as the Cyber Resilience Act (CRA) and the NIS2 Directive (NIS2)

The flagship conference, organised by ENISA, gathered around 100 on-site participants and 400 online attendees, underscoring the growing importance of cybersecurity certification in Europe. Keynote speeches by Despina Spanou (Deputy Director-General, DG CNECT, online) and Juhan Lepassaar (Executive Director, ENISA) highlighted the progress made under the CSA and the future of certification in the EU, in particular with regards to the Commission's proposal for a revised Cybersecurity Act.

Progress on European cybersecurity certification schemes

Important highlights from the week included the progress made on two draft candidate schemes under development by ENISA following the requests introduced by the Commission.

• The future European scheme for EU Digital Identity Wallets aims to offer highest security standards for the certification of EU Digital Identity Wallets and protect citizens credentials. ENISA presented to the National Cybersecurity Certification Authorities (gathered in the ECCG) the draft candidate scheme on EUDI Wallets. The draft scheme is subject to public consultation, which remains open until 30 April 2026. As a next step, the ECCG will deliver its opinion to ENISA on the draft candidate scheme.
• Industry and Member States experts had a two-day meeting to continue the work on developing a draft candidate scheme for Managed Security Services. This scheme will provide a benchmark for choosing trustworthy cybersecurity services and respond effectively to incidents. It is particularly critical as providers participating in the EU Cybersecurity Reserve under the Cyber Solidarity Act will be required to obtain certification within two years of adoption. For this reason, the first vertical to be developed focuses on incident management and incident response.

Member States, ENISA and the Commission also took stock of the peer review mechanism under the ECCF. This process that started this year ensures consistent implementation of the framework and achieving equivalent standards across Member States. A first peer review took place in Slovakia, and other peer review this year will include the NCCAs in Germany, Malta, Belgium, Czechia and Sweden.

Read more information

• ENISA certification website
• Commission certification website
• Factpage on the European cybersecurity certification framework

Related topics